Attackers Can Modify Options and Gain Admin Access
CVE-2024-9235
8.8HIGH
What is CVE-2024-9235?
The Mapster WP Maps plugin for WordPress has a vulnerability that allows authenticated users, with contributor-level access or higher, to exploit insufficient capability checks in the mapster_wp_maps_set_option_from_js() function. This flaw enables these users to update arbitrary options on a WordPress site, including changing the default role for new user registrations to administrator. Such an exploit can allow adversaries to gain administrative privileges on compromised sites, posing a significant security risk to affected WordPress installations.
Affected Version(s)
Mapster WP Maps * <= 1.5.0